Sysdig, the unified container and cloud security leader, announced that Sysdig open source, the incident response
standard for containers, has been extended to the cloud. By capturing system calls, Sysdig open source has traditionally offered
deep observability into running applications, including their file system access and network activity, which speeds incident
response and troubleshooting. Teams can quickly filter the captured data in Sysdig OSS and take action. With the
announcement of this new integration, these capabilities have been extended beyond containers to any cloud environment.
The complexity of cloud-native applications – with countless components and variables – makes it extremely difficult for
security analysts and system administrators to quickly triage alerts and debug problems. Sysdig OSS captures process,
file system, and network activity in real time and with a high degree of granularity. The tool, which has nearly two
million downloads and 6,850 GitHub stars, surfaces everything from executed commands and file system activity to network
activity. Sysdig OSS then offers advanced filtering and troubleshooting capabilities, supporting root cause analysis for
security and performance issues.
Using a new plugin framework – originally developed by the open source community for the CNCF project Falco – Sysdig
extends the number of sources Sysdig OSS can be connected with to anything that generates logs or events, including
Azure, Google, and AWS CloudTrail logs. Going forward, every plugin developed for Falco can also be leveraged by Sysdig
OSS. Using one tool, like Sysdig OSS, to observe events from the entire cloud-native environment streamlines
investigations. Using a different tool for each environment adds complexity, which makes troubleshooting considerably
harder.
Learn more about this framework in the Sysdig OSS 0.29 new release blog.
Sysdig’s commitment to open source
Sysdig was founded as an open source company, and Sysdig Secure and Sysdig Monitor were both built on that open source
foundation, Sysdig OSS and Falco, to address the security challenges of modern cloud applications. Both projects were created
by Sysdig to leverage deep visibility as a foundation for security, and they have become standards for container and cloud
threat detection and incident response. Falco, which was contributed to the CNCF in 2018, is now an incubation-level hosted
project with more than 45 million downloads.
Sysdig OSS and Falco can be used together as a powerful open source solution to reduce risk at runtime. Sysdig OSS acts
as a flight recorder, capturing a detailed record for inspection. Falco acts as a security camera, continuously
detecting unexpected behaviour, configuration changes, intrusions, and data theft in real time. Teams can use Sysdig OSS
and Falco together to detect and respond to threats.
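As an added illustration of the flight recorder plus security camera combination described above (example code written for this page, not Sysdig's or Falco's own code): a toy Python stream processor that applies Falco-style rules to CloudTrail-shaped events and, when a rule fires, returns the triggering event together with the events recorded just before and after it, which is the "what happened around the alert" view the paragraph describes. The two rules, the window sizes and the sample records are assumptions made for this example; the record field names follow the CloudTrail record format, but every value is constructed.

```python
"""Toy 'security camera' (rules) plus 'flight recorder' (event window) over
CloudTrail-shaped events. Added example; not Sysdig OSS or Falco code."""
from collections import deque
from dataclasses import dataclass, field
from typing import Any, Iterable

# Constructed CloudTrail-style records. The field names (eventTime, eventName,
# eventSource, sourceIPAddress, userIdentity.arn, additionalEventData.MFAUsed,
# requestParameters) follow the real CloudTrail format; every value is made up.
ALICE = "arn:aws:iam::111111111111:user/alice"
SAMPLE_EVENTS: list[dict[str, Any]] = [
    {"eventTime": "2022-03-01T10:00:01Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2022-03-01T10:00:09Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2022-03-01T10:00:15Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2022-03-01T10:00:22Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2022-03-01T10:00:30Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": ALICE}},
    {"eventTime": "2022-03-01T10:00:41Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/ci/build"}},
]


def get_field(event: dict, path: str, default: Any = None) -> Any:
    """Resolve a dotted field path such as 'additionalEventData.MFAUsed'."""
    cur: Any = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


def filter_events(events: Iterable[dict], path: str, value: Any) -> list[dict]:
    """Toy 'field = value' filter over recorded events (the sysdig-style filtering idea)."""
    return [e for e in events if get_field(e, path) == value]


# Hypothetical detection rules for the example (the 'security camera').
RULES = [
    ("Console login without MFA",
     lambda e: get_field(e, "eventName") == "ConsoleLogin"
     and get_field(e, "additionalEventData.MFAUsed") == "No"),
    ("CloudTrail logging disabled",
     lambda e: get_field(e, "eventSource") == "cloudtrail.amazonaws.com"
     and get_field(e, "eventName") in {"StopLogging", "DeleteTrail"}),
]


def match_rules(event: dict) -> list[str]:
    """Names of all rules that fire on this event (empty list if none)."""
    return [name for name, pred in RULES if pred(event)]


@dataclass
class Alert:
    rule: str
    trigger: dict
    context: list = field(default_factory=list)  # events before, trigger, events after
    after_remaining: int = 0                     # how many post-trigger events to still collect


def detect_with_context(events: Iterable[dict], before: int = 2, after: int = 1) -> list[Alert]:
    """Run the rules over an event stream. For each alert keep the `before` preceding
    events (the flight recorder's ring buffer), the trigger, and up to `after`
    following events, so the analyst sees what happened around the detection."""
    recent: deque = deque(maxlen=before)
    open_alerts: list[Alert] = []
    alerts: list[Alert] = []
    for e in events:
        # Events arriving after a trigger complete that alert's window.
        for a in list(open_alerts):
            a.context.append(e)
            a.after_remaining -= 1
            if a.after_remaining == 0:
                open_alerts.remove(a)
        for rule in match_rules(e):
            a = Alert(rule=rule, trigger=e, context=list(recent) + [e], after_remaining=after)
            alerts.append(a)
            if after > 0:
                open_alerts.append(a)
        recent.append(e)
    return alerts


if __name__ == "__main__":
    for a in detect_with_context(SAMPLE_EVENTS):
        print(f"ALERT {a.rule}: {a.trigger['eventName']} at {a.trigger['eventTime']}")
        for e in a.context:
            mark = "=>" if e is a.trigger else "  "
            print(f"  {mark} {e['eventTime']} {e['eventName']} from {e['sourceIPAddress']}")
```

In a real deployment the event source would be the CloudTrail plugin feeding the tool rather than an in-memory list, and the rules would be the project's rule files; the point of the toy is the shape of the output, where every alert carries the surrounding events rather than a single line.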
“If you want to see what is going on inside an application, Sysdig OSS gives you that record,” said Sysdig founder and
chief technology officer Loris Degioanni. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig
open source will tell you what happened at a particular time, before and after the event. Having the ability to use both
open source tools in the cloud is extremely powerful.”